Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online

Introduction

 
In this article, we will explore how to create a flow with Power Automate to break inheritance permissions on list item-level SharePoint Lists, remove existing permissions and set new List Item-Level permissions in SharePoint Online (new permissions).
 
In the previous article, we had to explore break inheritance permissions on list item-level SharePoint Lists and add roles. In this same step, follow for break inheritance permissions on list item-level and we see how to remove existing permissions and set new List Item-Level Permissions in SharePoint Online.
 

Issues

 
If your group already has permissions, it will add the new permissions to the existing one.
 
For example, in case we are adding Read permissions on the list item, if the SharePoint Group members already have Edit permissions, it won't remove the Edit one, you will see that he has Edit and Read permissions.
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 

Solutions

 
We can achieve the unique item-level permissions to the SharePoint list follow the below point and steps.
 
We can also check one by one:
  1. Break inheritance on list item-level List
  2. Remove list item level roles (permission)
  3. Add list item-level roles (new permissions)

Break inheritance on list item-level List

 
We are going to define custom permissions for the list item level, and we are going to have to break the inheritance role. This will not change permissions but will simply change the current users into 'specified' permissions instead of 'inherited.'
 
We will see step-by-step how to implement it with Power Automate.
 
http://[SHAREPOINT_SITE_URL]/_api/web/lists/getByTitle('[LIST_TITLE]')/breakroleinheritance(copyRoleAssignments=true, clearSubscopes=true)
 
As you can see, in the URL I have "copyRoleAssignments = true," if set to true, this means it copies the parent's roles/permissions, if set to false, it does not copy the parent's roles/permissions.
 

Remove list item-level list role (Permission)

 
Then following REST API to remove list item level roles/ permission

http://[SHAREPOINT_SITE_URL]/_api/web/lists/getByTitle(''[LIST_TITLE]')/items([ItemID])/roleAssignments/groups/removebyid([Group_PRINCIPLE_ID])
 

Add list item-level roles (new permissions)

 
Then following REST API to Add list item level roles/ permissions
 
http://[SHAREPOINT_SITE_URL]/_api/web/lists/getByTitle('[LIST_TITLE]')/roleassignments/addroleassignment(principalid=[GROUP_ID/User_ID],roleDefId=[ROLE_ID])
 

The step-by-step Flow action to build

 
We have created an Employee information list for adding new candidate's information and submitted it to HR Approval Group For approval. After approval, HR Approves groups assigned to read permission.
 
Step 1
 
Go here and log in with your Office 365 account.
 
We start with a blank canvas and build the Flow ourselves. Therefore, click the + New button and select “Automated – from blank, follow the numerical points, as shown in the below screenshot:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
Provide a name and choose which Flow will trigger (or start). In our case, this will be “When an item is created or modified” then click the Create button. Follow the numerical points, as shown in the below screenshot:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
Enter the site address (URL) and select the list on which you want this Flow to run:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
Step 2
 
We have initiated two variables for the list name and HR Group principle ID:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
Step 3
 
In these steps, we verified the HR approval group approve the employee information request status:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
If Approval Status is Approval then start the process of remove the permission and set new permission to the HR approval group. First, we break the inheritance on an approval list item:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
After Break, the inheritance, send the HTTP request to getting HR approval group Principle ID using REST API in the below screen:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
Set the HR approval group principle ID to GroupPrinciple ID:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
In the below steps, we first remove the HR Approval Group Item level permission and set the read-only permission to the same list item.
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
To assign item level permission, we need to have the role definition IDs. Here are a few out of the box IDs below.
 
Role Definition Name
Role Definition Id
Full Control
1073741829
Design
1073741828
Edit
1073741830
Contribute
1073741827
Read
1073741826
View Only
1073741924
Limited Access
1073741825
 
O/p
 
Before Approval Status:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online
 
After Approval Status:
 
Power Automate - Break Inheritance, Remove And Set List Item-Level Permissions In SharePoint Online